The results of a new survey of 1,005 consumers released last week show that although 78 percent of U.S. Internet users plan to shop online this year, more than 69 percent of those shoppers will limit their online purchasing because of concerns associated with the safety of their personal information.
The survey was conducted by Truste , a nonprofit privacy organization in San Francisco, and market research firm Taylor Nelson Sofres PLC in New York. More than 40 percent of the respondents said that privacy-related concerns would deter them from purchasing from smaller online retailers. About 22 percent said they won't be purchasing online at all. The survey was conducted online between Oct. 27 and Nov. 1.
"There's definitely a reason for both consumers and merchants to feel more concerned" about data security and privacy issues compared with previous years, said John Pescatore, an analyst at Stamford, Conn.-based Gartner Inc.
Assessing the risks
For consumers, the biggest risks come from hackers' increasing use of keystroke- logging and password-acquisition tools, Pescatore said. Such remote access tools let cyberthieves capture sensitive information, such as credit card numbers, from consumers who are conducting business online, he said.
A Gartner study conducted in March showed that despite a higher awareness of phishing scams, a large number of consumers continue to be fooled into visiting Web sites that download such hacker tools, Pescatore added.
And it's not only consumers who need to be wary about the increasing proliferation of such tools. Companies whose employees use corporate systems to buy online should also be concerned, said Charles King, a product manager at Blue Coat Systems Inc. , a Sunnyvale, Calif.-based security vendor.
According to King, the encrypted connections between employees and the shopping sites they go to can often be used as a conduit for spyware, bot programs, viruses and worms. Such encrypted sessions are often allowed to pass through untouched to employees' PCs, raising all sorts of security issues, he said.
"Encrypted communications are agnostic. It doesn't tell you if the traffic is good or bad," said Pete Lindstrom, an analyst at Spire Security LLC in Malvern, Pa. So companies need to have controls in place -- such as proxies to terminate Secure Sockets Layer traffic -- to ensure that employees' shopping behavior doesn't pose a security risk, he said.
The results from the Truste survey appear to reinforce the findings of other recent surveys.
In a nationwide survey of 1,009 consumers conducted by Forrester Custom Consumer Research for the Business Software Alliance , one in four consumers said they would not shop online because of Internet security concerns. Another survey, released on Nov. 22 by Sun Microsystems Inc., showed that 83 percent of the 2,008 consumers polled think they're most susceptible to identity theft during the holiday season.
But Cathy Hotka, senior vice president of technology and business development at the Retail Industry Leaders Association in Washington, said much of the concern about online security is overblown.
"I don't believe for a second that anybody's enthusiasm has been dampened" because of online security concerns, Hotka said. "The track record of online security is great. We've demonstrated safe e-commerce for years, and consumers love it," she said. "If anything, there's concern about phishing and the effect that it can have on brand."